PHP Quiz

1. Create a database named cms and a user table with the fields id, username, and password

<?php
header('Content-Type: text/html; charset=utf-8');

$db_host = '127.0.0.1';
$db_admin = 'root';
$db_passwd = 'root';

$link = mysqli_connect($db_host, $db_admin, $db_passwd);
if (!$link) {
    die('连接失败: ' . mysqli_connect_error());
} else {
    echo '连接成功!' . "<br>";
}

$drop_db_cms = 'DROP DATABASE IF EXISTS cms';
if (!mysqli_query($link, $drop_db_cms)) {
    echo '删除数据库cms失败!' . "<br>";
} else {
    echo '数据库cms删除成功!' . "<br>";
}

$create_db_cms = 'CREATE DATABASE cms';
if (!mysqli_query($link, $create_db_cms)) {
    echo '创建数据库cms失败!' . "<br>";
} else {
    echo '数据库cms创建成功!' . "<br>";
}

mysqli_select_db($link, 'cms');

$create_table_user = "CREATE TABLE user (
    id INT(10) UNSIGNED NOT NULL,
    username CHAR(20),
    password CHAR(20),
    PRIMARY KEY (id)
)";
if (!mysqli_query($link, $create_table_user)) {
    exit('创建users表失败' . mysqli_error($link));
} else {
    echo '表user创建成功!' . "<br>";
}

mysqli_close($link);
?>


2. Write a login page in front-end code; the back-end functionality does not need to be implemented yet

<!DOCTYPE html>
<html lang="zh-CN">
<head>
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <meta charset="UTF-8" />
    <title>login</title>
</head>
<body>
    <div>
        <form method="post" action="login.php">
            <p>
                <label for="name">输入你的账号</label>
                <input id="name" name="name" type="text" size="20" maxlength="20" />
            </p>
            <p>
                <label for="password">输入你的密码</label>
                <input id="password" name="password" type="password" size="20" />
            </p>
            <p>
                <input type="submit" name="button" value="登录" >
                <input type="reset" name="reset" value="清除输入" >
            </p>
        </form>
        <a href="/regedit.html">没有账号?点击注册!</a>
    </div>
</body>
</html>


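3. Add a registration feature to the login page: users must be able to register an account that is written to the cms database. Optionally, make registration fail when the id conflicts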

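<?php
header('Content-Type: text/html; charset=utf-8');

$db_host = '127.0.0.1';
$db_admin = 'root';
$db_passwd = 'root';
$db_name = 'cms';

$link = mysqli_connect($db_host, $db_admin, $db_passwd, $db_name);
if (!$link) {
    exit('连接失败: ' . mysqli_connect_error());
}

// Read the form fields; a missing field is treated as empty
$post_id = $_POST['account'] ?? '';
$post_user = $_POST['name'] ?? '';
$post_passwd = $_POST['password'] ?? '';

if ($post_id == null || $post_user == null || $post_passwd == null) {
    exit('请勿输入空数据');
}

// id is an unsigned integer column, so accept digits only
if (!ctype_digit($post_id)) {
    exit('id must be numeric');
}

// Check for an existing id with a bound parameter instead of concatenating input into the SQL
$stmt = mysqli_prepare($link, 'SELECT id FROM user WHERE id = ?');
mysqli_stmt_bind_param($stmt, 'i', $post_id);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
$row_count = mysqli_stmt_num_rows($stmt);
mysqli_stmt_close($stmt);
if ($row_count === 1) {
    exit('账号id重复,请返回重新注册!');
}

// Bound parameters also quote the username and password correctly
$stmt = mysqli_prepare($link, 'INSERT INTO user (id, username, password) VALUES (?, ?, ?)');
mysqli_stmt_bind_param($stmt, 'iss', $post_id, $post_user, $post_passwd);
if (!mysqli_stmt_execute($stmt)) {
    echo "no" . "<br>" . mysqli_stmt_error($stmt);
} else {
    mysqli_close($link);
    header("Location: success.html");
    exit;
}
?>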

<!--success.html-->
<!DOCTYPE html>
<html lang="zh-CN">
<head>
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <meta charset="UTF-8">
    <title>页面跳转中...</title>
    <meta http-equiv="refresh" content="5; url=work.html">
</head>
<body>
    <h1>注册成功!</h1>
    <p>页面将在 <span id="countdown">5</span> 秒后自动跳转...</p>
    <script>
        // Add a countdown effect
        let seconds = 5;
        const countdownElement = document.getElementById('countdown');

        const timer = setInterval(() => {
            seconds--;
            countdownElement.textContent = seconds;

            if (seconds <= 0) {
                clearInterval(timer);
            }
        }, 1000);
    </script>
</body>
</html>


4. Use Yakit or Burp to capture the registration request, then manually modify the packet to register a second user

Before modification


Capture and modify the packet


Check the database again; the newly added user is there


5. Implement a feature to view all users registered on the site

<!--index.html, the default page shown after a successful login-->
<!DOCTYPE html>
<html lang="zh-CN">
<head>
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <meta charset="UTF-8" />
    <title>默认登录成功界面</title>
</head>
<body>
    <h1>恭喜你登陆成功!</h1>
    <div>
        <form method="post" action="index.php">
            <p>
                <input type="submit" name="button" value="点击查看所有注册用户" >
            </p>
        </form>
    </div>
</body>
</html>



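<?php # index.php: show all registered users
header('Content-Type: text/html; charset=utf-8');

$db_host = '127.0.0.1';
$db_admin = 'root';
$db_passwd = 'root';
$db_name = 'cms';

$link = mysqli_connect($db_host, $db_admin, $db_passwd, $db_name);

$select_all = 'SELECT * FROM user';
$result = mysqli_query($link, $select_all);

echo '<table border="1" cellspacing="0" cellpadding="4">';
echo "<thead><tr><th>ID</th><th>姓名</th><th>密码</th></tr></thead>";
while ($row = mysqli_fetch_assoc($result)) {
    // Escape every value so that stored data cannot inject HTML or script into the page
    $id = htmlspecialchars((string) $row['id'], ENT_QUOTES, 'UTF-8');
    $username = htmlspecialchars((string) $row['username'], ENT_QUOTES, 'UTF-8');
    $password = htmlspecialchars((string) $row['password'], ENT_QUOTES, 'UTF-8');
    // Render one table row
    echo "<tr>
        <td>{$id}</td>
        <td>{$username}</td>
        <td>{$password}</td>
    </tr>";
}
echo "</table>";

mysqli_close($link);
?>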


6. Complete the login logic so that logging in works

<?php
header('Content-Type: text/html; charset=utf-8');

$db_host = '127.0.0.1';
$db_admin = 'root';
$db_passwd = 'root';
$db_name = 'cms';

$link = mysqli_connect($db_host, $db_admin, $db_passwd, $db_name);
if (!$link) {
    exit('连接失败: ' . mysqli_connect_error());
}

// Read the form fields; a missing field is treated as empty
$post_id = $_POST['name'] ?? '';
$post_passwd = $_POST['password'] ?? '';

if ($post_id == null || $post_passwd == null) {
    exit('请勿输入空数据');
}

// id is an unsigned integer column, so a non-numeric id cannot exist
if (!ctype_digit($post_id)) {
    exit('账号不存在,请返回注册!');
}

// Look the account up once, with a bound parameter instead of concatenating input into the SQL
$stmt = mysqli_prepare($link, 'SELECT password FROM user WHERE id = ?');
mysqli_stmt_bind_param($stmt, 'i', $post_id);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
$row_assoc = mysqli_fetch_array($result, MYSQLI_ASSOC);
if (!$row_assoc) {
    exit('账号不存在,请返回注册!');
}

// Compare as strings in constant time; loose == treats numeric-looking strings as numbers
if (hash_equals((string) $row_assoc['password'], $post_passwd)) {
    mysqli_close($link);
    header("Location: index.html");
    exit;
} else {
    exit('账号或密码错误');
}
?>
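
The registration and login steps above keep the password as plain text and detect a duplicate id with a SELECT before the INSERT. The following is an added example, not the original author's code: it runs the same register/login flow with server-side validation, bound parameters, the primary key as the duplicate check, and password_hash()/password_verify(). It assumes an in-memory SQLite database through PDO as a stand-in for the cms MySQL database, a password column wide enough to hold a hash, and the hypothetical helper names register_user() and check_login().

```php
<?php
// Added example: SQLite in memory stands in for the MySQL `cms` database (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Same columns as the user table, but password now holds a hash, so it is wider.
$pdo->exec('CREATE TABLE user (
    id INTEGER PRIMARY KEY,
    username VARCHAR(20) NOT NULL,
    password VARCHAR(255) NOT NULL
)');

// Hypothetical helper. Validation happens on the server because a proxy such as
// Burp or Yakit can change any field after the browser's maxlength check has run.
function register_user(PDO $pdo, string $id, string $user, string $pass): string
{
    if (!ctype_digit($id) || strlen($id) > 10) {
        return 'invalid id';
    }
    if ($user === '' || strlen($user) > 20 || $pass === '') {
        return 'invalid username or password';
    }
    $stmt = $pdo->prepare('INSERT INTO user (id, username, password) VALUES (?, ?, ?)');
    try {
        // Only the hash is stored; the PRIMARY KEY rejects a duplicate id atomically.
        $stmt->execute([(int) $id, $user, password_hash($pass, PASSWORD_DEFAULT)]);
    } catch (PDOException $e) {
        return $e->getCode() === '23000' ? 'duplicate id' : 'database error';
    }
    return 'ok';
}

// Hypothetical helper: unknown id and wrong password give the same result.
function check_login(PDO $pdo, string $id, string $pass): bool
{
    if (!ctype_digit($id)) {
        return false;
    }
    $stmt = $pdo->prepare('SELECT password FROM user WHERE id = ?');
    $stmt->execute([(int) $id]);
    $hash = $stmt->fetchColumn();
    // password_verify() recomputes the hash and compares it in constant time.
    return $hash !== false && password_verify($pass, $hash);
}

// Constructed sample requests (not captured traffic).
var_dump(register_user($pdo, '1', 'alice', 'S3cret!pw')); // first registration
var_dump(register_user($pdo, '1', 'bob', 'other-pw'));     // same id again
var_dump(register_user($pdo, '1abc', 'carol', 'pw'));      // id edited to a non-number
var_dump(check_login($pdo, '1', 'S3cret!pw'));             // correct password
var_dump(check_login($pdo, '1', 'wrong'));                 // wrong password
```

With hashes in the table, the user listing from step 5 would show the hash rather than the password the user typed.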


Author: wickt42
Link: http://example.com/2025/08/14/php小测/
Copyright Notice: All articles in this blog are licensed under CC BY-NC-SA 4.0 unless stating additionally.